option 'auth users' in rsyncd.conf

Alexander Dahl
Thu, 21 Jan 2010 10:04:05 -0800

Hi there,

this is my first posting to this list, so let me quickly introduce
myself. I'm Alex and currently working on a new version of the rsync
package for the eisfair Linux distribution¹.


I have some problems understanding the behaviour of the 'auth users'
option in the rsyncd.conf file when running rsync in daemon mode. I set
up a module and a secrets file. This is the behaviour I came across:

Setting 'auth users = alice bob', 'auth users = alice,bob', and
'auth users = alice, bob' all seem to be equivalent. In each of these
three cases I can successfully connect to the daemon, which asks for a
password then. On providing a wrong password or a username different
from 'alice' or 'bob' the rsync daemon denies a connection. This is more
or less what I expected from this sentence in the manpage:

  This parameter specifies a comma and space-separated list of usernames
  that will be allowed to connect to this module.

If I omit or outcomment the 'auth users' line, everyone is allowed to
connect and this is also how I understood the manpage.

Now if I use the following line, also everyone is allowed to connect:

  auth users =

So if I don't put any username there, it's like I would have omitted the
line. This is not quite what I expected. This may be senseless but I
would have expected, the rsync daemon would deny everyone to connect
then, because he would check an empty list against the secrets file. Is
there a way to accomplish this behaviour, denying access? Or maybe a
similar behaviour without dropping the whole section of this module from
the config file and without changing any of the other parameters
configured in this module?

Greets
Alex

¹ http://www.eisfair.org/

-- 
»With the first link, the chain is forged. The first speech censured,
the first thought forbidden, the first freedom denied, chains us all
irrevocably.« (Jean-Luc Picard, quoting Judge Aaron Satie)
*** GnuPG-FP: 02C8 A590 7FE5 CA5F 3601  D1D5 8FBA 7744 CC87 10D0 ***

signature.asc
Description: OpenPGP digital signature

-- 
Please use reply-all for most replies to avoid omitting the mailing list.
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html

Reply via email to